Crypto on-ramp provider Transak faces a data breach impacting 93,000 users, while a ransomware group claims to have more sensitive data than disclosed.

Transak, a crypto on-ramp service used by prominent platforms such as Metamask, Binance, and Trust Wallet, has confirmed a data breach, revealing that basic identity information for 93,000 users was exposed. However, a ransomware group responsible for the attack claims it has obtained more sensitive data than Transak has disclosed.

In a blog post on Monday, Transak assured users that the leaked data was primarily limited to "names" and "basic identity information." However, in an interview with CoinDesk, CEO Sami Start admitted that the breach also included more sensitive information such as government-issued IDs, passports, and selfies submitted by customers for identity verification.

Despite the breach, Start emphasized that more critical financial details like bank account information, social security numbers, credit card data, emails, and passwords were not compromised. “The severity of this incident is limited by the fact that no financially sensitive or critical information was accessed,” Start said.

Transak provides services that enable users to purchase cryptocurrencies via credit cards, facilitating smooth fiat-to-crypto transactions. Its integration with wallets like Metamask, Trust Wallet, and exchanges such as Binance.US has made it a key player in the crypto ecosystem.

According to Transak, the breach affected 1.14% of its user base. However, the ransomware group claiming responsibility said the attack impacted a larger subset of customers. The group posted in a Telegram channel, alleging it had obtained over 300GB of data, including sensitive documents such as government-issued IDs, proof of address, and financial statements.

The ransomware group threatened to leak or sell the remaining data if Transak does not pay the ransom. Despite these threats, Transak has made it clear it does not intend to negotiate with the attackers. “We don’t know if they necessarily did this or if they’re just claiming credit for it,” Start told CoinDesk, adding that the group had shown some evidence of the stolen data.

The breach occurred after an employee used their work laptop for non-work-related activities, which allowed a malicious script to run, granting access to one of Transak’s third-party KYC (know-your-customer) vendors. Start revealed that this KYC service provider had a vulnerability, allowing the attackers to steal a subset of Transak’s user data.

The employee responsible for the breach has been terminated, according to the company. Start reassured that the attack only compromised data from this third-party KYC provider, denying claims that other systems were impacted. “Any rumors about accessing other systems are not true,” Start asserted. “They only accessed the users I mentioned. I challenge anyone to show otherwise.”

As the situation develops, cybersecurity experts recommend that Transak users revoke token approvals and take additional security measures to protect their personal information.

photo source / Blockonome